Hello,I am trying to get Kerberos Authentication and LDAP Authorization working together.
But I have a situation where some of my users have Kerberos principal name that are different from their LDAP uids which is used in group membership. Basically each users has 2 UID attributes, one is just a plain username, and 2nd is principal@REALM. Some of the users's usernames and principals are different.
However there is a 2nd attribute in the form of UUID in a user's entry that is also added to the group, when a user is added to a group.
I think using AuthLDAPRemoteUserAttribute and AuthLDAPGroupAttribute both set to this UUID attribute will solve my problem. However if I am not mistaken, AuthLDAPRemoteUserAttribute is only set if LDAP is used for authentication (based on mod_authnz_ldap.c). I am using httpd-2.4.6-67.el7 that comes with Centos 7.
Is there anyway I can force AuthLDAPRemoteUserAttribute to be set when my AuthType is set to Kerberos?
Thanks, ... ling --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|